Wi-Fi Alliance takes lead in wireless LAN security features

MANHASSET, N.Y.  The Wi-Fi Alliance has taken steps to boost the security of wireless LANs based on the IEEE's 802.11 standard by adding 802.1x authentication and Temporal Key Integrity Protocol (TKIP)-based encryption algorithms to its Wi-Fi Protected Access initiative. Both elements are drawn from the IEEE's draft specification for 802.11i, which won't be finalized until late next year.

"The industry needed a solution now," said Dennis Eaton, chairman of the Wi-Fi Alliance, an industry association that certifies the interoperability of products built to 802.11 specifications. "These [elements] are subsets of the .11i draft standard, so when that standard is finalized, products with these features included will be forward-compatible with .11i devices." Those devices will also be backward compatible with the current installed base of 802.11 networks, many of which already use 802.1x authentication and TKIP encryption to some degree.

The Wi-Fi Alliance will incorporate the security features into its process starting Nov. 8, and will then begin four rounds of interoperability testing. The group's certification  considered a seal of approval for 802.11 products  will include consideration of the security features beginning Feb. 6, 2003, though companies whose products are undergoing Wi-Fi Alliance interoperability testing will have a grace period during which compliance to the draft security specs will be optional.

Wi-Fi is adding the security features in response to increased pressure from users and from industry to address WLAN security in general and the wired equivalent privacy (WEP) encryption cipher in particular. TKIP was intended to address WEP, Eaton said, but the implementation of TKIP proved problematic and led to delays, he said. The nuances of the implementation have now been worked out, he said.

A third key element of the 802.11i draft standard  the advanced encryption scheme (AES)  remains a bone of contention within the IEEE standards body. That prompted the Wi-Fi Alliance to move forward now with TKIP and 802.1x, said Eaton. "The addition of AES alone would add 12 months to the design cycle," he said.